Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix connect timeout not being enforced #9329

Merged
merged 9 commits into from
Nov 22, 2018
Merged

Fix connect timeout not being enforced #9329

merged 9 commits into from
Nov 22, 2018

Conversation

Gargron
Copy link
Member

@Gargron Gargron commented Nov 22, 2018

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

Regression from #6813

Now, the total timeout is 1 second for DNS look-up, and 10 seconds for socket opening, wherein 2 IPs are tried one after the other within those 10 seconds. So if there is only one IP, we wait 10 seconds, if there's two IPs, we wait 5 seconds each.

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.
@Gargron Gargron added bug Something isn't working security Security issues and fixes, vulnerabilities labels Nov 22, 2018
@Gargron
Copy link
Member Author

Gargron commented Nov 22, 2018

cc @rtucker @akihikodaki

@Gargron Gargron added the performance Runtime performance label Nov 22, 2018
@ClearlyClaire
Copy link
Contributor

This raises an exception and stops trying to connect at the first IP that timeouts, right?
If so, that negates any benefit from #6813

@Gargron
Copy link
Member Author

Gargron commented Nov 22, 2018

@ThibG The alternative is that it moves to the 2nd IP and then never times out (measured 120 seconds in a test before something times out somehow (on 2nd IP after first, specifically))

@Gargron
Copy link
Member Author

Gargron commented Nov 22, 2018

We can put a Timeout::timeout in the foreach block, but then I think we should also limit the maximum number of iterated IPs, and scale individual timeouts such that the total does not exceed 10s.

@ClearlyClaire
Copy link
Contributor

@Gargron outch. In this case, yeah, that's probably better for now, but we ought to find a better way.

@rtucker
Copy link
Contributor

rtucker commented Nov 22, 2018

Yeah, doing it on the full block is probably best. The downside of this PR is that it's fixing reachability to one set of broken instances while breaking reachability to another set of broken instances.

I'd oppose merging this until it can be properly fixed, but, well, too late now.

@nightpool
Copy link
Member

nightpool commented Nov 22, 2018

@rtucker it hasn't been merged yet.

I considered opposing merging this but I think that on balance it's better to have stricter timeouts then it is to have perfect reachability, especially if it's going to be dependent on stuff like DNS order anyways.

@rtucker
Copy link
Contributor

rtucker commented Nov 22, 2018

Ah, mis-read "approved" as "merged", apologies. It's 10am on a holiday and the coffee hasn't come out yet, heh.

For smaller instances, the timeouts are less of a problem than deliverability. RedLight kicks in pretty quickly for AP endpoints and limits the overall performance impact for complete unreachability pretty well, but whenever OVH or Scaleway half-break for a few hours, not falling back to legacy IP is a problem.

@Gargron
Copy link
Member Author

Gargron commented Nov 22, 2018

Timeout::timeout spawns a thread so the less we use it, the better... So if I move the timeout to within the loop, I'd want to make sure the HTTP::Timeout#connect method doesn't also call it. I remember reading that Timeout::timeout calls the block directly if passed a 0, so that's probably what I will have to do...

@@ -94,7 +94,7 @@ def key_id
end

def timeout
{ connect: 10, read: 10, write: 10 }
{ connect: nil, read: 10, write: 10 }
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Timeout.timeout(nil) yields the block immediately, without spawning any threads

return super(host, *args) if thru_hidden_service?(host)

outer_e = nil
addresses = Addrinfo.getaddrinfo(host, nil, nil, :SOCK_STREAM).take(2)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why 2: AAAA, A is the most common use case. Spawning threads is not cheap, Timeout.timeout spawns threads, so we don't want to spawn more than 2 (one more than before)

@rtucker
Copy link
Contributor

rtucker commented Nov 22, 2018

I've had coffee now, and yeah, this seems reasonable. :)

@Gargron Gargron merged commit fd8145d into master Nov 22, 2018
@Gargron Gargron deleted the fix-connect-timeout branch November 22, 2018 19:12
@packetcat
Copy link
Contributor

Hey y'all,

I noticed that this change is causing a change in address family preference, I noticed mastodon.social switching over to IPv4 for outbound federation as opposed to using IPv6 preferred if available.

148.251.134.157 - - [22/Nov/2018:22:57:32 +0000] "POST /inbox HTTP/1.1" 202 36 "-" "http.rb/3.3.0 (Mastodon/2.6.1; +https://mastodon.social/)"

That seems to be a regression, is this some sort of default behaviour in Resolv::DNS, if so can we change this behaviour?

Gargron added a commit that referenced this pull request Nov 23, 2018
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
@Eriner
Copy link

Eriner commented Nov 24, 2018

@Gargron, any chance I can be credited in the release notes for reporting this issue?

Gargron added a commit that referenced this pull request Nov 27, 2018
mastodon-weblate pushed a commit to mastodon-weblate/mastodon that referenced this pull request Nov 27, 2018
Gargron added a commit that referenced this pull request Nov 30, 2018
Gargron added a commit that referenced this pull request Dec 2, 2018
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
Gargron added a commit that referenced this pull request Dec 2, 2018
@Eriner
Copy link

Eriner commented Dec 4, 2018

@Gargron @akihikodaki, the release(s) where these issues are resolved should probably be tagged as security fixes.

lawremipsum pushed a commit to lawremipsum/mspsocial-mastodon that referenced this pull request Dec 22, 2018
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
lawremipsum pushed a commit to lawremipsum/mspsocial-mastodon that referenced this pull request Dec 22, 2018
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
robinmaypanpan pushed a commit to BeachCity/mastodon that referenced this pull request May 6, 2019
* Use backend from glitch-soc for instance-only toots

* Base frontend on privacy dropdown

* Add local_only indicator in the status action bar

* Add local_only indicator to detailed status

* Add backend support for local_only on status create
Based off ThibG implementation on glitch #502

* Normalize translations
ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused

* Add local_only to admin screens

* Hide local statuses from user atom and from unlogged users

* Add local only icon to status page

* Fix issue with toggle in mobile

* Add default federation option to settings

* Fix wrong configuration fetched

* Change setting wording

* Check for empty "last_status" before sorting DM column (mastodon#9207)

* Check for empty "last_status" before sorting

* Small touchups for codeclimate

* Update resolve_url_service.rb (mastodon#9188)

* Increase default column width from 330px to 350px (mastodon#9227)

* Optimize the process of following someone (mastodon#9220)

* Eliminate extra accounts select query from FollowService

* Optimistically update follow state in web UI and hide loading bar

Fix mastodon#6205

* Asynchronize NotifyService in FollowService

And fix failing test

* Skip Webfinger resolve routine when called from FollowService if possible

If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService

* Fix follow limit validator reporting lower number past threshold (mastodon#9230)

* Fix follow limit validator reporting lower number past threshold

* Avoid floating point follow limit

* Fix form validation flash message color and input borders (mastodon#9235)

* Fix form validation flash message color and input borders

* Fix typo

* Display amount of freed disk space in tootctl media remove (mastodon#9229)

* Display amount of freed disk space in tootctl media remove

Fix mastodon#9213

* Fix code style issue

* Add "Show thread" link to self-replies (mastodon#9228)

Fix mastodon#4716

* Fix nil error regression from mastodon#9229 in tootctl media remove (mastodon#9239)

Fix mastodon#9237

* Improve ActiveRecord connection in on_worker_boot (mastodon#9238)

This is how it looks in the example in the Puma README

* Check that twitter:player is valid before using it (mastodon#9254)

Fixes mastodon#9251

* Fix emoji update date processing (mastodon#9255)

* Perform deep comparison for card data when receiving new props (mastodon#9270)

Fixes mastodon#9226

* Fix null error introduced in mastodon#9270 (mastodon#9275)

* Fix race condition causing shallow status with only a "favourited" attribute (mastodon#9272)

Fixes mastodon#9231

* Fix "tootctl media remove" can't count the file size (mastodon#9288)

* Fixed an issue where "tootctl media remove" can not count the file size.

* Fixed the problem pointed out by codeclimate.

* Remove intermediary arrays when creating hash maps from results (mastodon#9291)

* Prevent multiple handlers for Delete of Actor from running (mastodon#9292)

* Fix filter ID not being a string in REST API (mastodon#9303)

* Update Nginx config for Nanobox apps (mastodon#9310)

The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly.

* WebSub: ATOM before RSS (mastodon#9302)

Hello,
The ATOM feed contains the hub declaration for WebSub, but the RSS
version does not.
RSS/ATOM readers will typically pick whichever version comes first, and
will thus not see the WebSub feature.
I therefore suggest putting the ATOM version first, as it is more
feature-rich than its RSS counterpart is.

Clients not compatible with ATOM would not pick it anyway due to the
different type attribute.

A more complicated alternative would be to declare the WebSub feature in
the RSS version as well, using something like the following code, and
ensuring that clients subscribed to the RSS version would receive PuSH
updates just like those subscribed to the ATOM version.

````xml
<rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link rel="self" type="application/rss+xml"
href="https://diaspodon.fr/users/test.rss"/>
<atom:link rel="hub" href="https://diaspodon.fr/api/push"/>
</channel>
</rss>
```

* Touch account on successful response, change char shown when culled (mastodon#9293)

Just the color is not enough change since not everyone uses colored
terminals.
Touching the account makes it so that the account is not in the
threshold window in case of running again

* Ignore JSON-LD profile in mime type comparison (mastodon#9179)

Ignore JSON-LD profile in mime type comparison

* Fix connect timeout not being enforced (mastodon#9329)

* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec

* Bump version to 2.6.2

* add loglevel to ffmpeg in gif upload (mastodon#9368)

* Allow hyphens in the middle of remote user names (mastodon#9345)

Fixes mastodon#9309

This only allows hyphens in the middle of a username, much like dots,
although I don't have a compelling reason to do so other than keeping
the changes minimal.

* Fix nil error when no DNS addresses are found for host (mastodon#9379)

* Don't count suspended users in user count (mastodon#9380)

Fix mastodon#7637

* Skip deliveries to inboxes that have already been marked as unavailable (mastodon#9358)

* Fix TLS handshake timeout not being enforced (mastodon#9381)

Follow-up to mastodon#9329

* Bump version to 2.6.3

* Remove npm-run-all dependency (mastodon#9401)

Fix mastodon#9359

* Bump version to 2.6.4

* Preload common JSON-LD contexts (mastodon#9412)

Fixes mastodon#9411

* Include replies to list owner and replies to list members in list statuses (mastodon#9324)

* Bump version to 2.6.5

* Only stream local-only toots to logged-in users

* Normalize translations

* Bumps copyright year in README.md to 2019 (mastodon#9939)

This is so incredibly small, but assuming this is a needed change. Might want to check year in other files.

* Fix link color in high-contrast theme, add underlines (mastodon#9949)

Improve sorting of default themes in the dropdown

* Replace unlock-alt icon with unlock (mastodon#9952)

* Allow most kinds of characters in URL query (fixes mastodon#8408) (mastodon#8447)

* Allow unicode characters in URL query strings

Fixes mastodon#8408

* Alternative approach to unicode support in urls

Adds PoC/idea to approch this problem.

* Fix authorized applications list page design (mastodon#9969)

* Fix not showing custom emojis in share page emoji picker (mastodon#9970)

* [UI] Fix whitespace being applied to div instead of p (mastodon#9968)

* fix large line breaks

* fix ascii art posts

* Hide misleading “You will be sent a confirmation e-mail” hint from admin view (mastodon#9973)

Thanks @wryk for noticing this issue.

* Fix Tombstone.delete_all ArgumentError (mastodon#9978)

*  Only URLs extract with pre-escaped text (mastodon#9991)

* [test] add japanese hashtag testcase

* Only URLs extract with pre-escaped text

( mastodon#9989 )

* Fix URL linkifier grabbing full-width spaces and quotations (mastodon#9997)

Fix mastodon#9993
Fix mastodon#5654

* Fix IntersectionObserverArticle not hiding some out-of-view items (mastodon#9982)

IntersectionObserverArticle is made to save on RAM by avoiding fully rendering
items that are far out of view. However, it did not work for items spawned
outside the intersection observer.

* Fix timeline jumps (mastodon#10001)

* Avoid two-step rendering of statuses as much as possible

Cache width shared by Video player, MediaGallery and Cards at the
ScrollableList level, pass it down through StatusList and Notifications.

* Adjust scroll when new preview cards appear

* Adjust scroll when statuses above the current scroll position are deleted

* Don't focus spiler input when disabled spoiler (mastodon#10017)

* Move sending account Delete to anyone but the account's followers to the pull̀ queue (mastodon#10016)

* Add support for IPv6 only MXes in Email validation (mastodon#10009)

* Add support for IPv6 only MXes

* Fixed email validator tests

* Save IP address used for sign-up, not only sign-in (mastodon#10026)

Fixes mastodon#9995

* Fix color of static page links in high contrast theme (mastodon#10028)

* Fix hashtags select styling in default and high contrast themes (mastodon#10029)

* Fix style regressions on landing page (mastodon#10030)

* Add tight rate-limit for API deletions (mastodon#10042)

Deletions take a lot of resources to execute and cause a lot of
federation traffic, so it makes sense to decrease the number
someone can queue up through the API.

30 per 30 minutes

* Fix hashtag column not subscribing to stream on mount (mastodon#10040)

Fix mastodon#9895

* Create Redisable#redis (mastodon#9633)

* Create Redisable

* Use #redis instead of Redis.current

* Alternative handling of private self-boosts (mastodon#9998)

* When self-boosting, embed original toot into Announce serialization

* Process unknown self-boosts from Announce object if it is more than an URI

* Add some self-boost specs

* Only serialize private toots in self-Announces

* Filter incoming Create activities by relation to local activity (mastodon#10005)

Reject those from accounts with no local followers, from relays
that are not enabled, which do not address local accounts and are
not replies to accounts that do have local followers

* Filter incoming Announce activities by relation to local activity (mastodon#10041)

* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to mastodon#10005

* Fix tests

* Add logging for rejected ActivityPub payloads and add tests (mastodon#10062)

* Fix Announce activities of unknown statuses not fetching those statuses (mastodon#10065)

Regression from mastodon#9998

* Fix relay enabling/disabling not resetting inbox availability status (mastodon#10048)

Fix mastodon#10033

* Change robots.txt to exclude some URLs (mastodon#10037)

- Exclude static assets
- Exclude uploaded files
- Exclude alternate versions of the profile page
- Exclude media proxy URLs

* Change robots.txt to exclude only media proxy URLs (mastodon#10038)

* Revert "Change robots.txt to exclude some URLs (mastodon#10037)"

This reverts commit 80161f4.

* Let's block media_proxy

/media_proxy/ is a dynamic route used for requesting uncached media, so it's
probably bad to let crawlers use it

* misleading comment

* Improve image description user experience (mastodon#10036)

* Add image descriptions to searchable post content.

* Allow multi-line image descriptions.

* Request image descriptions in the same query as posts when creating the search index.

(see mastodon#10036 (comment))

* perf: run node directly when streaming (mastodon#10032)

* Fix breaks when opening a reply tree in WebUI (mastodon#10046)

fix mastodon#10045

* Change conversations to always show names of other participants (mastodon#10047)

Fix mastodon#9190

* Change buttons on timeline preview to open the interaction dialog (mastodon#10054)

Fix mastodon#9922

* Change error graphic to hover-to-play (mastodon#10055)

Fix mastodon#6060

* Add registrations attribute to instance entity in REST API (mastodon#10060)

Fix mastodon#9350

* Add vapid_key to the application entity in the REST API (mastodon#10058)

Fix mastodon#8785

* Fix mutes, blocks, domain blocks and follow requests not paginating (mastodon#10057)

Regression from mastodon#9581

* Fix crash on public hashtag pages when streaming fails (mastodon#10061)

* Bump version to 2.7.2

* Do not leak local-only toots to remote mentioned users

* Update .gitignore

* Update Beach City version to 1.4
@Eriner
Copy link

Eriner commented Sep 22, 2019

This issue (and #9381) have been assigned CVE-2018-21018, which was resolved with Mastodon release v2.6.3.

hiyuki2578 pushed a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
hiyuki2578 pushed a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
shouo1987 pushed a commit to CrossGate-Pawoo/mastodon that referenced this pull request Mar 30, 2020
* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec
shouo1987 pushed a commit to CrossGate-Pawoo/mastodon that referenced this pull request Mar 30, 2020
mashirozx added a commit to mashirozx/mastodon that referenced this pull request Sep 20, 2020
* Use backend from glitch-soc for instance-only toots

* Base frontend on privacy dropdown

* Add backend support for local_only on status create
Based off ThibG implementation on glitch #502

* Add local_only indicator in the status action bar

* Add local_only indicator to detailed status

* Normalize translations
ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused

* Add local_only to admin screens

* Hide local statuses from user atom and from unlogged users

* Add local only icon to status page

* Fix issue with toggle in mobile

* Add default federation option to settings

* Fix wrong configuration fetched

* Change setting wording

* Check for empty "last_status" before sorting DM column (mastodon#9207)

* Check for empty "last_status" before sorting

* Small touchups for codeclimate

* Update resolve_url_service.rb (mastodon#9188)

* Increase default column width from 330px to 350px (mastodon#9227)

* Optimize the process of following someone (mastodon#9220)

* Eliminate extra accounts select query from FollowService

* Optimistically update follow state in web UI and hide loading bar

Fix mastodon#6205

* Asynchronize NotifyService in FollowService

And fix failing test

* Skip Webfinger resolve routine when called from FollowService if possible

If an account is ActivityPub, then webfinger re-resolving is not necessary
when called from FollowService. Improve options of ResolveAccountService

* Fix follow limit validator reporting lower number past threshold (mastodon#9230)

* Fix follow limit validator reporting lower number past threshold

* Avoid floating point follow limit

* Fix form validation flash message color and input borders (mastodon#9235)

* Fix form validation flash message color and input borders

* Fix typo

* Display amount of freed disk space in tootctl media remove (mastodon#9229)

* Display amount of freed disk space in tootctl media remove

Fix mastodon#9213

* Fix code style issue

* Add "Show thread" link to self-replies (mastodon#9228)

Fix mastodon#4716

* Fix nil error regression from mastodon#9229 in tootctl media remove (mastodon#9239)

Fix mastodon#9237

* Improve ActiveRecord connection in on_worker_boot (mastodon#9238)

This is how it looks in the example in the Puma README

* Check that twitter:player is valid before using it (mastodon#9254)

Fixes mastodon#9251

* Fix emoji update date processing (mastodon#9255)

* Perform deep comparison for card data when receiving new props (mastodon#9270)

Fixes mastodon#9226

* Fix null error introduced in mastodon#9270 (mastodon#9275)

* Fix race condition causing shallow status with only a "favourited" attribute (mastodon#9272)

Fixes mastodon#9231

* Fix "tootctl media remove" can't count the file size (mastodon#9288)

* Fixed an issue where "tootctl media remove" can not count the file size.

* Fixed the problem pointed out by codeclimate.

* Remove intermediary arrays when creating hash maps from results (mastodon#9291)

* Prevent multiple handlers for Delete of Actor from running (mastodon#9292)

* Fix filter ID not being a string in REST API (mastodon#9303)

* Update Nginx config for Nanobox apps (mastodon#9310)

The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly.

* WebSub: ATOM before RSS (mastodon#9302)

Hello,
The ATOM feed contains the hub declaration for WebSub, but the RSS
version does not.
RSS/ATOM readers will typically pick whichever version comes first, and
will thus not see the WebSub feature.
I therefore suggest putting the ATOM version first, as it is more
feature-rich than its RSS counterpart is.

Clients not compatible with ATOM would not pick it anyway due to the
different type attribute.

A more complicated alternative would be to declare the WebSub feature in
the RSS version as well, using something like the following code, and
ensuring that clients subscribed to the RSS version would receive PuSH
updates just like those subscribed to the ATOM version.

````xml
<rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0"
xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link rel="self" type="application/rss+xml"
href="https://diaspodon.fr/users/test.rss"/>
<atom:link rel="hub" href="https://diaspodon.fr/api/push"/>
</channel>
</rss>
```

* Touch account on successful response, change char shown when culled (mastodon#9293)

Just the color is not enough change since not everyone uses colored
terminals.
Touching the account makes it so that the account is not in the
threshold window in case of running again

* Ignore JSON-LD profile in mime type comparison (mastodon#9179)

Ignore JSON-LD profile in mime type comparison

* Fix connect timeout not being enforced (mastodon#9329)

* Fix connect timeout not being enforced

The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

* Use timeout on each IP attempt, but limit to 2 attempts

* Fix code style issue

* Do not break Request#perform if no block given

* Update method stub in spec for Request

* Move timeout inside the begin/rescue block

* Use Resolv::DNS with timeout of 1 to get IP addresses

* Update Request spec to stub Resolv::DNS instead of Addrinfo

* Fix Resolve::DNS stubs in Request spec

* Bump version to 2.6.2

* add loglevel to ffmpeg in gif upload (mastodon#9368)

* Allow hyphens in the middle of remote user names (mastodon#9345)

Fixes mastodon#9309

This only allows hyphens in the middle of a username, much like dots,
although I don't have a compelling reason to do so other than keeping
the changes minimal.

* Fix nil error when no DNS addresses are found for host (mastodon#9379)

* Don't count suspended users in user count (mastodon#9380)

Fix mastodon#7637

* Skip deliveries to inboxes that have already been marked as unavailable (mastodon#9358)

* Fix TLS handshake timeout not being enforced (mastodon#9381)

Follow-up to mastodon#9329

* Bump version to 2.6.3

* Remove npm-run-all dependency (mastodon#9401)

Fix mastodon#9359

* Bump version to 2.6.4

* Preload common JSON-LD contexts (mastodon#9412)

Fixes mastodon#9411

* Include replies to list owner and replies to list members in list statuses (mastodon#9324)

* Bump version to 2.6.5

* Only stream local-only toots to logged-in users

* Normalize translations

* Bumps copyright year in README.md to 2019 (mastodon#9939)

This is so incredibly small, but assuming this is a needed change. Might want to check year in other files.

* Fix link color in high-contrast theme, add underlines (mastodon#9949)

Improve sorting of default themes in the dropdown

* Replace unlock-alt icon with unlock (mastodon#9952)

* Allow most kinds of characters in URL query (fixes mastodon#8408) (mastodon#8447)

* Allow unicode characters in URL query strings

Fixes mastodon#8408

* Alternative approach to unicode support in urls

Adds PoC/idea to approch this problem.

* Fix authorized applications list page design (mastodon#9969)

* Fix not showing custom emojis in share page emoji picker (mastodon#9970)

* [UI] Fix whitespace being applied to div instead of p (mastodon#9968)

* fix large line breaks

* fix ascii art posts

* Hide misleading “You will be sent a confirmation e-mail” hint from admin view (mastodon#9973)

Thanks @wryk for noticing this issue.

* Fix Tombstone.delete_all ArgumentError (mastodon#9978)

* Only URLs extract with pre-escaped text (mastodon#9991)

* [test] add japanese hashtag testcase

* Only URLs extract with pre-escaped text

( mastodon#9989 )

* Fix URL linkifier grabbing full-width spaces and quotations (mastodon#9997)

Fix mastodon#9993
Fix mastodon#5654

* Fix IntersectionObserverArticle not hiding some out-of-view items (mastodon#9982)

IntersectionObserverArticle is made to save on RAM by avoiding fully rendering
items that are far out of view. However, it did not work for items spawned
outside the intersection observer.

* Fix timeline jumps (mastodon#10001)

* Avoid two-step rendering of statuses as much as possible

Cache width shared by Video player, MediaGallery and Cards at the
ScrollableList level, pass it down through StatusList and Notifications.

* Adjust scroll when new preview cards appear

* Adjust scroll when statuses above the current scroll position are deleted

* Don't focus spiler input when disabled spoiler (mastodon#10017)

* Move sending account Delete to anyone but the account's followers to the pull̀ queue (mastodon#10016)

* Add support for IPv6 only MXes in Email validation (mastodon#10009)

* Add support for IPv6 only MXes

* Fixed email validator tests

* Save IP address used for sign-up, not only sign-in (mastodon#10026)

Fixes mastodon#9995

* Fix color of static page links in high contrast theme (mastodon#10028)

* Fix hashtags select styling in default and high contrast themes (mastodon#10029)

* Fix style regressions on landing page (mastodon#10030)

* Add tight rate-limit for API deletions (mastodon#10042)

Deletions take a lot of resources to execute and cause a lot of
federation traffic, so it makes sense to decrease the number
someone can queue up through the API.

30 per 30 minutes

* Fix hashtag column not subscribing to stream on mount (mastodon#10040)

Fix mastodon#9895

* Create Redisable#redis (mastodon#9633)

* Create Redisable

* Use #redis instead of Redis.current

* Alternative handling of private self-boosts (mastodon#9998)

* When self-boosting, embed original toot into Announce serialization

* Process unknown self-boosts from Announce object if it is more than an URI

* Add some self-boost specs

* Only serialize private toots in self-Announces

* Filter incoming Create activities by relation to local activity (mastodon#10005)

Reject those from accounts with no local followers, from relays
that are not enabled, which do not address local accounts and are
not replies to accounts that do have local followers

* Filter incoming Announce activities by relation to local activity (mastodon#10041)

* Filter incoming Announce activities by relation to local activity

Reject if announcer is not followed by local accounts, and is not
from an enabled relay, and the object is not a local status

Follow-up to mastodon#10005

* Fix tests

* Add logging for rejected ActivityPub payloads and add tests (mastodon#10062)

* Fix Announce activities of unknown statuses not fetching those statuses (mastodon#10065)

Regression from mastodon#9998

* Fix relay enabling/disabling not resetting inbox availability status (mastodon#10048)

Fix mastodon#10033

* Change robots.txt to exclude some URLs (mastodon#10037)

- Exclude static assets
- Exclude uploaded files
- Exclude alternate versions of the profile page
- Exclude media proxy URLs

* Change robots.txt to exclude only media proxy URLs (mastodon#10038)

* Revert "Change robots.txt to exclude some URLs (mastodon#10037)"

This reverts commit 80161f4.

* Let's block media_proxy

/media_proxy/ is a dynamic route used for requesting uncached media, so it's
probably bad to let crawlers use it

* misleading comment

* Improve image description user experience (mastodon#10036)

* Add image descriptions to searchable post content.

* Allow multi-line image descriptions.

* Request image descriptions in the same query as posts when creating the search index.

(see mastodon#10036 (comment))

* perf: run node directly when streaming (mastodon#10032)

* Fix breaks when opening a reply tree in WebUI (mastodon#10046)

fix mastodon#10045

* Change conversations to always show names of other participants (mastodon#10047)

Fix mastodon#9190

* Change buttons on timeline preview to open the interaction dialog (mastodon#10054)

Fix mastodon#9922

* Change error graphic to hover-to-play (mastodon#10055)

Fix mastodon#6060

* Add registrations attribute to instance entity in REST API (mastodon#10060)

Fix mastodon#9350

* Add vapid_key to the application entity in the REST API (mastodon#10058)

Fix mastodon#8785

* Fix mutes, blocks, domain blocks and follow requests not paginating (mastodon#10057)

Regression from mastodon#9581

* Fix crash on public hashtag pages when streaming fails (mastodon#10061)

* Bump version to 2.7.2

* Do not leak local-only toots to remote mentioned users

* Add description on hover in media gallery (mastodon#10713)

* Fix some colors of high contrast theme (mastodon#10711)

* Fix "nothing here" text color of high contrast

* Fix counter border color of high contrast

* Bring back crossed eye icon on gallery (mastodon#10715)

* Improve poll link accessibility (mastodon#10720)

* Add distinction between hover and active/focus states
* Resolves mastodon#10198

* Change icon and label depending on whether media is marked as sensitive (mastodon#10748)

* Change icon and label depending on whether media is marked as sensitive

* WiP use a checkbox

* Fix some colors in light theme (mastodon#10754)

* Fix typo in light theme

* Fix background color of empty column

* Adds click-able div that expands status (mastodon#10733) (mastodon#10766)

The clickable div is positioned under the account avatar and covers
all empty space below it to the end of the status.

* Minor performance improvements and cleanup in formatter (mastodon#10765)

* Prevent from publicly boosting one's own private toots (mastodon#10775)

* add og:image:alt for media attachments in embeds (mastodon#10779)

* Add post-deployment migration script to delete public-boosts-of-private-toots (mastodon#10783)

* fix `isSubmitting` prop case (mastodon#10785)

* Fix “invited by” not showing up for invited accounts in admin interface (mastodon#10791)

* Bump version to 2.8.3

* Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (mastodon#10812)

HTTP 401 responses returned by Mastodon's inbox controller may
be temporary if, for instance, the requesting user's actor/key json
could not be retrieved in a timely fashion. This changes allow retries
instead of dropping the message entirely.

Also added HTTP 408 as that error is by nature temporary.

* Move signature verification stoplight to the requests themselves (mastodon#10813)

* Move signature verification stoplight to the requests themselves

This avoids blocking messages from known keys for 5 minutes when only one fails…

* Put the stoplight on the actual client IP, not a potential reverse proxy

* Fix possible race condition when processing statuses (mastodon#10815)

* Improve streaming server security (mastodon#10818)

* Check OAuth token scopes in the streaming API

* Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

Inspired by kubevirt/kubevirt#1242

* Bump version to 2.8.4

* Fix merge issues

* Fix account URI in UpdatePollSerializer (mastodon#11194)

* Fix account URI in UpdatePollSerializer

Fixes mastodon#11185

* Add specs

* Fix swiping columns on mobile sometimes failing (mastodon#11200)

Fixes mastodon#9779

* Fix option to send e-mail notification about account action always being true (mastodon#11242)

* Fix BackupService crashing when an attachment is missing (mastodon#11241)

* Fix BackupService crashing when an attachment is missing

For various reasons such as admin error or out-of-sync media and
database backups, it might be possible for local attachments to be lost.

This commit allows the BackupService to continue its work even if some media
file is missing.

* Change error message

* Fix Status.remote scope matching *all* statuses (mastodon#11265)

* Fix BlockService trying to reject incorrect follow request (mastodon#11288)

Fixes mastodon#11148

* Fix invites not being disabled upon account suspension (mastodon#11412)

* Disable invite links from disabled/suspended users

* Add has_many invites relationship to users

* Destroy unused invites when suspending an account

* Update fuubar dependency to 2.4.1 (mastodon#11248)

See also: thekompanee/fuubar#111

* Fix support for MP4 files that are actually M4V files (mastodon#11210)

Resolve mastodon#11187

* Fix expiration date of filters being set to “Never” when editing them (mastodon#11204)

When editing a custom filter, select the shortest preset duration that
still covers the remaining time of that filter.

Fixes mastodon#9506

* Fix statsd UDP sockets not being cleaned up in Sidekiq (mastodon#11230)

* Remove unused StatsD code and expose StatsD as a global variable (mastodon#11232)

The instrumentation code was used for StatsD metrics collection
prior to the switch to the nsa gem and should have been removed
at that point as it no longer does anything at all

* Fix some flash notices/alerts staying on unrelated pages (mastodon#11364)

* Fix `alerts` booleans not being typecast correctly in push subscription (mastodon#11343)

* Fix `alerts` booleans not being typecast correctly in push subscription

Fix mastodon#10789

* Fix typo

* Optimize makeGetStatus (mastodon#11211)

* Optimize makeGetStatus

Because `ImmutableList.filter` always returns a new object and `createSelector`
memoizes based on object identity, the selector returned by `makeGetStatus`
would *always* execute.

To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on
deep equality, thus returning the same object as long as the filters haven't
changed, allowing the memoization of `makeGetStatus` to work.

Furthermore, we memoize the compiled regexs instead of recomputing them each
time the selector is called.

* Fix memoized result being cleared too often

* Make notifications use memoized getFiltersRegex

* Memoize ancestorIds and descendantIds in detailed status view (mastodon#11234)

* Fix boosting & unboosting preventing a boost from appearing in the TL (mastodon#11405)

* Fix boosting & unboosting preventing a boost from appearing in the TL

* Add tests

* Avoids side effects when aggregate_reblogs isn't true

* Fix delete regression (mastodon#11450)

Regression from ff789a7

* Apply filters to poll options (mastodon#11174)

* Apply filters to poll options in WebUI

Fixes mastodon#11128

* Apply filters to poll options server-side

* Add poll options to searchable text

* Fix unnecessary SQL query performed on unauthenticated requests (mastodon#11179)

* Add message telling FTS is disabled when no toot can be found because of this (mastodon#11112)

* Add message telling FTS is disabled when no toot can be found because of this

Fixes mastodon#11082

* Remove info icon and reword message

* Display FTS warning based on actual search term, not the one being typed (mastodon#11202)

Follow-up to mastodon#11112

* Scroll to compose form rather than reply indicator on focus (mastodon#11182)

* When sending a toot, ensure a CW is only set if the CW field is visible (mastodon#11206)

In some occasions, such as the browser or a browser extension auto-filling
the existing but disabled/hidden CW field, a CW can be set without the user
knowing.

* When deleting & redrafting a poll, fill in closest expires_in (mastodon#11203)

Use the smallest preset expires_in such that the new poll would
not expire before the old one.

In the typical case of a quick delete & redraft, this results in
using the same poll duration.

Fixes mastodon#10567

* Only scroll to the compose form if it's not horizontally in the viewport (mastodon#11246)

Avoids jumping the scroll around vertically when giving it focus and
editing long toots.

* Display custom emoji in bio field names (mastodon#11350)

Already displayed in public pages, but not WebUI

* Play animated custom emoji on hover (mastodon#11348)

* Play animated custom emoji on hover in status

* Play animated custom emoji on hover in display names

* Play animated custom emoji on hover in bios/bio fields

* Add support for animation on hover on public pages emojis too

* Fix tests

* Code style cleanup

* Fix animate on hover in poll options without CW (mastodon#11404)

* Change domain block behaviour to prevent creation of accounts from suspended domains (mastodon#11219)

* Change ActivityPub::DeliveryWorker to not retry HTTP 501 errors (mastodon#11233)

* Change the retry limit in error of web push notification (mastodon#11292)

- Change the maximum count of retry for web push notification (Default -> 5).
   - In case of high load of subscribe server, the retries will be repeated many times.
   - Because the retries occupy the default queue, maximum retry count should be reduced.

* Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (mastodon#11302)

* Make puma bind address configurable with BIND env var (mastodon#11326)

* Change terms and privacy policy pages to always be accessible (mastodon#11334)

Fix mastodon#11328

* Change language detection to include hashtags as words (mastodon#11341)

* Fix only one middle dot being recognized in hashtags (mastodon#11345)

Fix mastodon#10934

* Change Dockerfile to bind to 0.0.0.0 instead of docker-compose.yml (mastodon#11351)

* Fix sanitizing lists contents (mastodon#11354)

* Add test

* Fix code for sanitizing nested lists stripping all tags

* Fix avatar animation on hover when not logged in (mastodon#11349)

* Added logout to dropdown menu (mastodon#11353)

* Added logout to dropdown menu

* Triggering build-and-test with empty commit as it seems it failed due to some internal failure

* Looks fine, ready to review

* Added changes from review

* method can be null without any problems

* Also target can be null

* Disallow numeric-only hashtags (mastodon#11363)

* Add spec covering numeric-only hashtags

* Fix hashtag regex

* Change locale detection to run once per session (mastodon#8657)

Fix mastodon#6462

* Bind servers to 0.0.0.0 in Procfile (mastodon#11378)

* Bind to 0.0.0.0

* Make Procfile common to main and streaming apps

* Change account domain block to clear out notifications and follows (mastodon#11393)

* Remove pre from version, add extra suffix variable (mastodon#11407)

* Remove timestamps from converted images to make them deterministic (mastodon#11408)

* Prevent archiving when user set "noindex" (mastodon#11421)

* Disable list title validation button when list title is empty (mastodon#11475)

* Fix timestamp on featured tag (mastodon#11477)

It resolves mastodon#11338

* Trap tab in modals (mastodon#11493)

* Fix privacy dropdown active state when dropdown is placed on top of it (mastodon#11495)

* Improve dropdown menu keyboard navigation (mastodon#11491)

* Allow selecting menu items with the space bar in status dropdown menus

* Fix modals opened by keyboard navigation being immediately closed

* Fix menu items triggering modal actions

* Add Tab trapping inside dropdown menu

* Give focus back to last focused element when status dropdown menu closes

* Improve keyboard navigation in privacy dropdown (mastodon#11492)

* Trap tab in privacy dropdown

* Give focus back to last focused element when privacy dropdown menu closes

* Actually give back focus to the element that had it before clicking the dropdown

* Fix image uploads being perfectly white when canvas read access is blocked (mastodon#11499)

Fixes mastodon#11496

* Improve focus handling with dropdown menus (mastodon#11511)

- Focus first item when activated via keyboard
- When the dropdown menu closes, give back the focus to
  the actual element which was focused prior to opening the menu

* Fix "cancel follow request" button having unreadable text in web UI (mastodon#11521)

Fix mastodon#11478

* Add GIF and WebP support for custom emojis (mastodon#11519)

Fix mastodon#11466

* Fix pinned statuses API returning pagination headers (mastodon#11526)

Fix mastodon#10227

* Fix crash when saving invalid domain name (mastodon#11528)

Fix mastodon#7629

* Fix “read more” button behing hidden (regression from mastodon#11404) (mastodon#11522)

* Fix “read more” button behing hidden (regression from mastodon#11404)

This has the side-effect of putting the “Read more” button below possibly
trunctated polls instead of putting the poll below the “Read more”

* Remove dead code

* Bump version to 2.9.3

Co-authored-by: Renato "Lond" Cerqueira <renato@lond.com.br>
Co-authored-by: Steven Tappert <admin@dark-it.net>
Co-authored-by: m.b <mbajur@users.noreply.github.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: ThibG <thib@sitedethib.com>
Co-authored-by: mayaeh <mayaeh@marimo-net.org>
Co-authored-by: Dan Hunsaker <danhunsaker@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: valerauko <vale@valerauko.net>
Co-authored-by: Hugo Gameiro <hmgameiro@gmail.com>
Co-authored-by: Sam Schlinkert <sschlinkert@gmail.com>
Co-authored-by: Clar Charr <clar@charr.xyz>
Co-authored-by: Jakub Mendyk <jakubmendyk.szkola@gmail.com>
Co-authored-by: rinsuki <428rinsuki+git@gmail.com>
Co-authored-by: trwnh <a@trwnh.com>
Co-authored-by: abcang <abcang1015@gmail.com>
Co-authored-by: Hinaloe <hina@hinaloe.net>
Co-authored-by: Franck Zoccolo <franck@zoccolo.com>
Co-authored-by: ysksn <bluewhale1982@gmail.com>
Co-authored-by: nightpool <nightpool@users.noreply.github.com>
Co-authored-by: Ben Lubar <ben.lubar+github@gmail.com>
Co-authored-by: Nolan Lawson <nolan@nolanlawson.com>
Co-authored-by: nzws <git-yuzu@svk.jp>
Co-authored-by: Jeong Arm <kjwonmail@gmail.com>
Co-authored-by: Maciek Baron <thebezet@gmail.com>
Co-authored-by: nzws <git@nzws.me>
Co-authored-by: Neil Moore <dar13.dev@gmail.com>
Co-authored-by: Ben Lubar <ben.lubar@gmail.com>
Co-authored-by: Georg Gadinger <nilsding@nilsding.org>
Co-authored-by: han@highemelry <high.emerly.ytfin@gmail.com>
Co-authored-by: Daigo 3 Dango <zunda@users.noreply.github.com>
Co-authored-by: koyu <me@koyu.space>
Co-authored-by: Clar Fon <them@lightdark.xyz>
chasedream1129 added a commit to monado-ren/mastodon that referenced this pull request Aug 11, 2024
…tance_only_statuses)

commit d56074116f8d884d7fc52384fa7980fa3aa62492
Merge: 6ba8af0a74 1c8c318281
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Thu Feb 3 14:04:08 2022 +0100

    Merge tag 'v3.4.5' into instance_only_statuses

commit 6ba8af0a74560798bc6fd65dc7f7777651fa942c
Merge: 8ef1767c07 fd868f8ca0
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Dec 28 12:51:24 2021 +0100

    Merge tag 'v3.4.4' into instance_only_statuses

commit 8ef1767c0707a93a4d6730875f514943a9233155
Merge: b43c50afa8 4c7efdba40
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue May 25 19:36:32 2021 +0200

    Merge tag 'v3.4.0' into instance_only_statuses

commit b43c50afa85e844c47e8e5f46de55b56dba2b96b
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Dec 27 12:04:11 2020 +0100

    Fix old merges code

commit 1f47e8f1bf4a67148a4001258827a6803628a6aa
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Dec 27 11:38:47 2020 +0100

    Fix for new listener detection

commit cb085b4c44acc3d57532bfd8edb687c4893e1a8f
Merge: 92c4d909a0 633d175146
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Dec 27 11:00:43 2020 +0100

    Merge tag 'v3.3.0' into instance_only_statuses

commit 92c4d909a04202cad3f875ba512884f1f4b4baaf
Merge: 8126ac030e a583e54023
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Thu Nov 19 22:47:16 2020 +0100

    Merge tag 'v3.2.1' into instance_only_statuses

commit a583e540232fe7f3c0902dec0ba97252eb4357cc
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Mon Oct 19 15:58:53 2020 +0200

    Bump version to 3.2.1

commit 4ea7193f0a65a28886b954e99733cc42e6b9f572
Author: ThibG <thib@sitedethib.com>
Date:   Mon Aug 24 18:21:07 2020 +0200

    Add support for latest HTTP Signatures spec draft (#14556)

    * Add support for latest HTTP Signatures spec draft

    https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html

    - add support for the “hs2019” signature algorithm (assumed to be equivalent
      to RSA-SHA256, since we do not have a mechanism to specify the algorithm
      within the key metadata yet)
    - add support for (created) and (expires) pseudo-headers and related
      signature parameters, when using the hs2019 signature algorithm
    - adjust default “headers” parameter while being backwards-compatible with
      previous implementation
    - change the acceptable time window logic from 12 hours surrounding the “date”
      header to accepting signatures created up to 1 hour in the future and
      expiring up to 1 hour in the past (but only allowing expiration dates up to
      12 hours after the creation date)
      This doesn't conform with the current draft, as it doesn't permit accounting
      for clock skew.
      This, however, should be addressed in a next version of the draft:
      https://github.com/httpwg/http-extensions/pull/1235

    * Add additional signature requirements

    * Rewrite signature params parsing using Parslet

    * Make apparent which signature algorithm Mastodon on verification failure

    Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications,
    and new implementers may thus unknowingly use RSASSA-PSS.

    * Add workaround for PeerTube's invalid signature header

    The previous parser allowed incorrect Signature headers, such as
    those produced by old versions of the `http-signature` node.js package,
    and seemingly used by PeerTube.

    This commit adds a workaround for that.

    * Fix `signature_key_id` raising an exception

    Previously, parsing failures would result in `signature_key_id` being nil,
    but the parser changes made that result in an exception.

    This commit changes the `signature_key_id` method to return `nil` in case
    of parsing failures.

    * Move extra HTTP signature helper methods to private methods

    * Relax (request-target) requirement to (request-target) || digest

    This lets requests from Plume work without lowering security significantly.

commit aa98655cf61e732fb3cfe7626347b79189f61b77
Author: ThibG <thib@sitedethib.com>
Date:   Mon Aug 24 16:56:21 2020 +0200

    Fix dereferencing remote statuses not using the correct account (#14656)

    Follow-up to #14359

    In the case of limited toots, the receiver may not be explicitly part of the
    audience. If a specific user's inbox URI was specified, it makes sense to
    dereference the toot from the corresponding user, instead of trying to find
    someone in the explicit audience.

commit dd3a86eb04d7445e32df44b66ec34332b78b7902
Author: Tdxdxoz <tdxdxoz@gmail.com>
Date:   Mon Aug 24 20:13:44 2020 +0800

    Fix: also use custom private boost icon for detailed status (#14471)

    * use custom private boost icon for detail status

    * only use className

commit aea0161e83ba0d154a3b3824e4d14d31773486b0
Author: ThibG <thib@sitedethib.com>
Date:   Mon Aug 24 14:11:47 2020 +0200

    Add support for inlined objects in activity audience (#14514)

    * Add support for inlined objects in activity audience

    * Add tests

commit 8b448aecef9495353a1cd18d9e5d95b576cdede2
Author: ThibG <thib@sitedethib.com>
Date:   Mon Aug 10 01:51:06 2020 +0200

    Fix `tootctl media` commands not handling snowflake ids for media_attachments (#14536)

commit 6db143e424b7566519153e6a0c831cd77ceff227
Author: ThibG <thib@sitedethib.com>
Date:   Sat Aug 8 17:57:56 2020 +0200

    Fix crash when failing to load emoji picker (#14525)

    Fixes #14523

commit 3b699f17320de7fc1d1adc40e8edbd8ee58c9d57
Author: ThibG <thib@sitedethib.com>
Date:   Sun Aug 2 18:47:44 2020 +0200

    Fix thumbnail color extraction (#14464)

    * Fix contrast calculation for thumbnail color extraction

    Luminance calculation was using 0-255 RGB values instead of 0-1 sRGB values,
    leading to incorrectly-computed contrast values.

    Since we use ColorDiff already, just use its XYZ colorspace conversion code
    to get the value.

    * Require at least 3:1 contrast for both accent and foreground colors

    * Lower required contrast for the accent color

commit 1995a5cb34337d18ba305c56715194fbaa68786e
Author: ThibG <thib@sitedethib.com>
Date:   Sun Aug 2 19:03:10 2020 +0200

    Fix audio/video player not using CDN_HOST in media paths on public pages (#14486)

commit 469c4c78a3ce2f7065c7273fd2800f9a39191a21
Author: ThibG <thib@sitedethib.com>
Date:   Sun Aug 2 18:47:09 2020 +0200

    Fix audio player on Safari (#14485)

commit 399c5f09009e05d22e9acd8bb75f3f803b58e365
Author: ThibG <thib@sitedethib.com>
Date:   Sun Aug 2 11:21:10 2020 +0200

    Change content-type to be always computed from file data (#14452)

    * Change content-type to be always computed from file data

    Restore previous behavior, detecting the content-type isn't very
    expensive, and some instances may serve files as application/octet-stream
    regardless of their true type, making fetching media from them fail, while
    it used to work pre-3.2.0.

    * Add test

commit 856cb96a2b4823b62df19f67686921890adfc2f8
Author: ThibG <thib@sitedethib.com>
Date:   Sun Aug 2 11:20:17 2020 +0200

    Fix new audio player features not working on Safari (#14465)

    Fixes #14462

commit 58c59af573d7cb285317bdb27d745b38cf045378
Author: Takeshi Umeda <noel.yoshiba@gmail.com>
Date:   Tue Aug 25 01:09:46 2020 +0900

    Fix an error when file_file_size is nil in tootctl media remove (#14657)

commit 3f4cceebd66c0e209239bf5a917bbda8de57d189
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Aug 30 01:54:30 2020 +0200

    Fix videos with near-60 fps being rejected (#14684)

    Fix #14668

commit ce6aaed4325d1a5dc15a799856d26b3d22222633
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Oct 8 00:34:57 2020 +0200

    Remove dependency on goldfinger gem (#14919)

    There are edge cases where requests to certain hosts timeout when
    using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now
    that we no longer need to support OStatus servers, webfinger logic
    is so simple that there is no point encapsulating it in a gem, so
    we can just use our own Request class. With that, we benefit from
    more robust timeout code and IPv4/IPv6 resolution.

    Fix #14091

commit 8f79ed0487fb17ad59182b49b3fbe46043cbaedd
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Sep 13 12:52:17 2020 +0200

    Fix reported statuses not being included in warning e-mail (#14778)

commit 4acfc3ce83a0f7492137ef0a3b0c78cce0773e6e
Author: ThibG <thib@sitedethib.com>
Date:   Sat Aug 1 18:20:37 2020 +0200

    Fix handling of Reject Follow when a matching follow relationship exists (#14479)

    * Add tests

    * Fix handling of Reject Follow when a matching follow relationship exists

    Regression from #12199

commit c98b7751ca6f7c638997c26b0807af5b51915593
Author: Takeshi Umeda <noel.yoshiba@gmail.com>
Date:   Tue Sep 1 01:11:27 2020 +0900

    Fix limited follower id in fan-out-on-write service (#14709)

commit 0abfa06b2f4d57363be8690aaf8e8ca3e1bfb221
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Aug 30 12:33:59 2020 +0200

    Fix inefficiencies in fan-out-on-write service (#14682)

commit aecdaf5a8c001a6e0e75a20072564de754ab5f8b
Author: ThibG <thib@sitedethib.com>
Date:   Mon Sep 14 13:04:29 2020 +0200

    Do not serve account actors at all in limited federation mode (#14800)

    * Do not serve account actors at all in limited federation mode

    When an account is fetched without a signature from an allowed instance,
    return an error.

    This isn't really an improvement in security, as the only information that was
    previously returned was required protocol-level info, and the only personal bit
    was the existence of the account. The existence of the account can still be
    checked by issuing a webfinger query, as those are accepted without signatures.

    However, this change makes it so that unallowed instances won't create account
    records on their end when they find a reference to an unknown account.

    The previous behavior of rendering a limited list of fields, instead of not
    rendering the actor at all, was in order to prevent situations in which two
    instances in Authorized Fetch mode or Limited Federation mode would fail to
    reach each other because resolving an account would require a signed query…
    from an account which can only be fetched with a signed query itself. However,
    this should now be fine as fetching accounts is done by signing on behalf of
    the special instance actor, which does not require any kind of valid signature
    to be fetched.

    * Fix tests

commit 8126ac030ee5f65077e0e2ded400a221c6b62016
Merge: 06b6353483 93dd413a47
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Jul 27 22:21:35 2020 +0200

    Merge tag 'v3.2.0' into instance_only_statuses

commit 06b635348327823570119362a2f1a7981a898011
Merge: e0f3a4583c 661f3f26b0
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Wed Jul 15 20:13:00 2020 +0200

    Merge tag 'v3.1.5' into instance_only_statuses

commit 661f3f26b041dd6f1f0ea646e55616f7139bb957
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jul 7 15:22:47 2020 +0200

    Bump version to 3.1.5

commit 2d2e3651eee12364b53f658077dae9343aca5e09
Author: Thibaut Girka <thib@sitedethib.com>
Date:   Mon Jun 22 21:09:18 2020 +0200

    Fix media attachment enumeration

    Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

commit 951e997b26cb5bf93539a22221efda97ad70079e
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Jun 24 00:21:03 2020 +0200

    Change rate limits for various paths

    - Rate limit login attempts by target account
    - Rate limit password resets and e-mail re-confirmations by target account
    - Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before

commit fa3f78e4bf1b5e2b6e8b11f161dd3c02348bf3d4
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jun 23 02:57:00 2020 +0200

    Fix other sessions not being logged out on password change

    While OAuth tokens were immediately revoked, accessing the home
    controller immediately generated new OAuth tokens and "revived"
    the session due to a combination of using remember_me tokens and
    overwriting the `authenticate_user!` method

commit e0f3a4583c68b560425e30306153cf1b8f4dabe0
Merge: a42a98bc67 b752666e3f
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Fri Feb 21 14:21:59 2020 +0100

    Merge tag 'v3.1.1' into instance_only_statuses

commit a42a98bc673141efa5f14892578cfc4901d84f65
Merge: fbaaf24be8 c4118ba71b
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Oct 21 09:14:53 2019 +0200

    Merge tag 'v3.0.1' into instance_only_statuses

commit fbaaf24be8db9d80b4258ba78b9c7639cc688d33
Merge: 405d6a71c8 06f906acac
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sat Aug 10 09:20:44 2019 +0200

    Merge tag 'v2.9.3' into instance_only_statuses

commit 06f906acace5770fc10f333a203b036c5b72c849
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Aug 10 00:08:42 2019 +0200

    Bump version to 2.9.3

commit 80d8ff97e40fef2e6d9fd36c5bda882e92cd49dc
Author: ThibG <thib@sitedethib.com>
Date:   Thu Aug 8 17:05:50 2019 +0200

    Fix “read more” button behing hidden (regression from #11404) (#11522)

    * Fix “read more” button behing hidden (regression from #11404)

    This has the side-effect of putting the “Read more” button below possibly
    trunctated polls instead of putting the poll below the “Read more”

    * Remove dead code

commit d5963d9401b183336ab0247f5e2ffddc210d95d7
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Aug 8 23:04:19 2019 +0200

    Fix crash when saving invalid domain name (#11528)

    Fix #7629

commit b95281b533be43091ecf94268d031f1896c524f1
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Aug 8 23:04:04 2019 +0200

    Fix pinned statuses API returning pagination headers (#11526)

    Fix #10227

commit 5432edb5a765eb9621a89caf34b78ece41529374
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Aug 8 23:03:09 2019 +0200

    Add GIF and WebP support for custom emojis (#11519)

    Fix #11466

commit 6861534d9ce4e325f4210d985fbb856fb2654b0c
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Aug 8 08:56:55 2019 +0200

    Fix "cancel follow request" button having unreadable text in web UI (#11521)

    Fix #11478

commit 80e391afcdbe92d5ea4731e1571761561eec987b
Author: ThibG <thib@sitedethib.com>
Date:   Wed Aug 7 13:58:53 2019 +0200

    Improve focus handling with dropdown menus (#11511)

    - Focus first item when activated via keyboard
    - When the dropdown menu closes, give back the focus to
      the actual element which was focused prior to opening the menu

commit c69f190af975d23118ed207280729de4e2472373
Author: ThibG <thib@sitedethib.com>
Date:   Tue Aug 6 12:08:19 2019 +0200

    Fix image uploads being perfectly white when canvas read access is blocked (#11499)

    Fixes #11496

commit cec93c35d8ac2a3e1b9b640773b37b12cbb3c5fe
Author: ThibG <thib@sitedethib.com>
Date:   Tue Aug 6 11:59:58 2019 +0200

    Improve keyboard navigation in privacy dropdown (#11492)

    * Trap tab in privacy dropdown

    * Give focus back to last focused element when privacy dropdown menu closes

    * Actually give back focus to the element that had it before clicking the dropdown

commit ad6fcb2d9c791c9ac7c17b25221801f75dba644c
Author: ThibG <thib@sitedethib.com>
Date:   Tue Aug 6 11:59:46 2019 +0200

    Improve dropdown menu keyboard navigation (#11491)

    * Allow selecting menu items with the space bar in status dropdown menus

    * Fix modals opened by keyboard navigation being immediately closed

    * Fix menu items triggering modal actions

    * Add Tab trapping inside dropdown menu

    * Give focus back to last focused element when status dropdown menu closes

commit d8cf2a0fb69dc4c862921e497103ce8b02fab7fd
Author: ThibG <thib@sitedethib.com>
Date:   Tue Aug 6 11:59:14 2019 +0200

    Fix privacy dropdown active state when dropdown is placed on top of it (#11495)

commit 21e3671e32c2a88f1b19cb42209c88b45ea07607
Author: ThibG <thib@sitedethib.com>
Date:   Tue Aug 6 11:59:28 2019 +0200

    Trap tab in modals (#11493)

commit 68da55e50c49faf8d726ec7850376e4112349af1
Author: Jeong Arm <kjwonmail@gmail.com>
Date:   Mon Aug 5 06:00:38 2019 +0900

    Fix timestamp on featured tag (#11477)

    It resolves #11338

commit 3f7614f98a2610771a5ac7677d7f1249b88f165a
Author: ThibG <thib@sitedethib.com>
Date:   Sat Aug 3 19:10:39 2019 +0200

    Disable list title validation button when list title is empty (#11475)

commit c1bc34da04c6c65344dbc13a688c3d15f6aa0372
Author: Jeong Arm <kjwonmail@gmail.com>
Date:   Sun Jul 28 20:46:04 2019 +0900

    Prevent archiving when user set "noindex" (#11421)

commit a0896ae4bf985ec69b8cbc0dd0099a9c188be760
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Jul 27 04:41:55 2019 +0200

    Remove timestamps from converted images to make them deterministic (#11408)

commit 91fb945b0ee0b41bbd844531f6058ef38845d85e
Author: Clar Fon <them@lightdark.xyz>
Date:   Fri Jul 26 01:57:27 2019 -0400

    Remove pre from version, add extra suffix variable (#11407)

commit ed27803822d1e63650d168ff111de15b41799b02
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Jul 25 04:17:35 2019 +0200

    Change account domain block to clear out notifications and follows (#11393)

commit 4e4f73b231602d458c7c332929a557ccadfbaad4
Author: Daigo 3 Dango <zunda@users.noreply.github.com>
Date:   Sun Jul 21 18:16:30 2019 -1000

    Bind servers to 0.0.0.0 in Procfile (#11378)

    * Bind to 0.0.0.0

    * Make Procfile common to main and streaming apps

commit 9bb23b8d19b84fb40f289dc3d8b15b04d231fcad
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Jul 21 18:08:02 2019 +0200

    Change locale detection to run once per session (#8657)

    Fix #6462

commit dead24a7733fd24b062d8228ca92ec3f492c39bd
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jul 19 23:22:35 2019 +0200

    Disallow numeric-only hashtags (#11363)

    * Add spec covering numeric-only hashtags

    * Fix hashtag regex

commit d8b8c88c221704429fb9ed75b159a18ed824118b
Author: koyu <me@koyu.space>
Date:   Fri Jul 19 03:58:46 2019 +0200

    Added logout to dropdown menu (#11353)

    * Added logout to dropdown menu

    * Triggering build-and-test with empty commit as it seems it failed due to some internal failure

    * Looks fine, ready to review

    * Added changes from review

    * method can be null without any problems

    * Also target can be null

commit ad0866804e35803bbf0975e09cf6c8fca1fa9884
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jul 19 09:18:23 2019 +0200

    Fix avatar animation on hover when not logged in (#11349)

commit 6c4a196b53bb7d8b8ea8446d5e9c75ea72caab45
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jul 19 01:44:58 2019 +0200

    Fix sanitizing lists contents (#11354)

    * Add test

    * Fix code for sanitizing nested lists stripping all tags

commit 28f3b13c63fd5ac5210caaa7b63b94e65aeda6b2
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Jul 18 20:28:05 2019 +0200

    Change Dockerfile to bind to 0.0.0.0 instead of docker-compose.yml (#11351)

commit 8c445c80b5a1b30caf5b57c9ed5e473dd00134f0
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Jul 18 03:02:56 2019 +0200

    Fix only one middle dot being recognized in hashtags (#11345)

    Fix #10934

commit 212848b66e69ddb72f488d233b6378f494a5fff5
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Jul 18 03:02:15 2019 +0200

    Change language detection to include hashtags as words (#11341)

commit 227c561064e47304f1da37811eb87c7ade67b792
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Jul 17 19:29:37 2019 +0200

    Change terms and privacy policy pages to always be accessible (#11334)

    Fix #11328

commit 2e244b7401daedabbbff771949677adc4beb651f
Author: Daigo 3 Dango <zunda@users.noreply.github.com>
Date:   Mon Jul 15 18:51:36 2019 -1000

    Make puma bind address configurable with BIND env var (#11326)

commit 291d868773fc9805ed81d6843775adcf9222df03
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Mon Jul 15 05:56:35 2019 +0200

    Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (#11302)

commit b21c6300433ee233ab7df3389bdda612429c4357
Author: han@highemelry <high.emerly.ytfin@gmail.com>
Date:   Sat Jul 13 01:46:21 2019 +0900

    Change the retry limit in error of web push notification (#11292)

    - Change the maximum count of retry for web push notification (Default -> 5).
       - In case of high load of subscribe server, the retries will be repeated many times.
       - Because the retries occupy the default queue, maximum retry count should be reduced.

commit f2795699dd7091f9204bf6a53314387f4752e427
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jul 2 00:59:53 2019 +0200

    Change ActivityPub::DeliveryWorker to not retry HTTP 501 errors (#11233)

commit d9a024840e8e5ce72072d4bd79a28934cbce62e7
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Mon Jul 1 19:13:30 2019 +0200

    Change domain block behaviour to prevent creation of accounts from suspended domains (#11219)

commit c8bf30df9240bc067289dae64c09f017fc3de039
Author: ThibG <thib@sitedethib.com>
Date:   Sun Jul 28 13:48:05 2019 +0200

    Fix animate on hover in poll options without CW (#11404)

commit 7f9431c3066d6a33835889a6d3c7a4019568360a
Author: ThibG <thib@sitedethib.com>
Date:   Sun Jul 21 18:10:40 2019 +0200

    Play animated custom emoji on hover (#11348)

    * Play animated custom emoji on hover in status

    * Play animated custom emoji on hover in display names

    * Play animated custom emoji on hover in bios/bio fields

    * Add support for animation on hover on public pages emojis too

    * Fix tests

    * Code style cleanup

commit af410c070619dbb1a6684a969de2043163c89f0d
Author: ThibG <thib@sitedethib.com>
Date:   Sun Jul 21 03:40:27 2019 +0200

    Display custom emoji in bio field names (#11350)

    Already displayed in public pages, but not WebUI

commit 16f348431b1f8eb034b9b2c042a12fdedce6f411
Author: ThibG <thib@sitedethib.com>
Date:   Sat Jul 6 18:18:08 2019 +0200

    Only scroll to the compose form if it's not horizontally in the viewport (#11246)

    Avoids jumping the scroll around vertically when giving it focus and
    editing long toots.

commit 6abd84980310c10d66a0d74324a8b57a9d99889c
Author: ThibG <thib@sitedethib.com>
Date:   Tue Jul 2 00:36:16 2019 +0200

    When deleting & redrafting a poll, fill in closest expires_in (#11203)

    Use the smallest preset expires_in such that the new poll would
    not expire before the old one.

    In the typical case of a quick delete & redraft, this results in
    using the same poll duration.

    Fixes #10567

commit 99b27a8b4bc41807adeb70aac7ff2ccab8f405d0
Author: ThibG <thib@sitedethib.com>
Date:   Sat Jun 29 18:32:36 2019 +0200

    When sending a toot, ensure a CW is only set if the CW field is visible (#11206)

    In some occasions, such as the browser or a browser extension auto-filling
    the existing but disabled/hidden CW field, a CW can be set without the user
    knowing.

commit 39741fa2cd994262bb85af2a2b58402d84aeb4cf
Author: ThibG <thib@sitedethib.com>
Date:   Wed Jun 26 14:28:36 2019 +0200

    Scroll to compose form rather than reply indicator on focus (#11182)

commit 5b3d70ffa749806976710488ea78e5d01b1b2466
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jun 28 19:29:11 2019 +0200

    Display FTS warning based on actual search term, not the one being typed (#11202)

    Follow-up to #11112

commit 011909262aeacb64e5e12ef890eaa629f85b6d83
Author: ThibG <thib@sitedethib.com>
Date:   Thu Jun 27 21:12:26 2019 +0200

    Add message telling FTS is disabled when no toot can be found because of this (#11112)

    * Add message telling FTS is disabled when no toot can be found because of this

    Fixes #11082

    * Remove info icon and reword message

commit 69680db8a2fd7f466d11a7a75871fa749f146769
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jun 25 20:18:15 2019 +0200

    Fix unnecessary SQL query performed on unauthenticated requests (#11179)

commit 6e28da213961ed37cde7b82947b599eac31c925c
Author: ThibG <thib@sitedethib.com>
Date:   Tue Jun 25 14:45:14 2019 +0200

    Apply filters to poll options (#11174)

    * Apply filters to poll options in WebUI

    Fixes #11128

    * Apply filters to poll options server-side

    * Add poll options to searchable text

commit 74982c71b09ecf137e73194aa03a3be4f0ef669f
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Jul 31 09:23:30 2019 +0200

    Fix delete regression (#11450)

    Regression from ff789a751a1c730e4d808410411196b76caff39c

commit c83c87fbe2c9586b90c677e24c81d690cade2a02
Author: ThibG <thib@sitedethib.com>
Date:   Tue Jul 30 13:18:23 2019 +0200

    Fix boosting & unboosting preventing a boost from appearing in the TL (#11405)

    * Fix boosting & unboosting preventing a boost from appearing in the TL

    * Add tests

    * Avoids side effects when aggregate_reblogs isn't true

commit 363afe5e059030e5c8b20f0b2610c1d1a1185749
Author: ThibG <thib@sitedethib.com>
Date:   Tue Jul 2 16:03:54 2019 +0200

    Memoize ancestorIds and descendantIds in detailed status view (#11234)

commit d588173ab382c22c1092a9d4154afec7a8d89ef0
Author: ThibG <thib@sitedethib.com>
Date:   Sun Jun 30 00:12:38 2019 +0200

    Optimize makeGetStatus (#11211)

    * Optimize makeGetStatus

    Because `ImmutableList.filter` always returns a new object and `createSelector`
    memoizes based on object identity, the selector returned by `makeGetStatus`
    would *always* execute.

    To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on
    deep equality, thus returning the same object as long as the filters haven't
    changed, allowing the memoization of `makeGetStatus` to work.

    Furthermore, we memoize the compiled regexs instead of recomputing them each
    time the selector is called.

    * Fix memoized result being cleared too often

    * Make notifications use memoized getFiltersRegex

commit d1d3684fb5f96d90daf7ebd0173e42db67f270da
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Jul 21 18:10:07 2019 +0200

    Fix `alerts` booleans not being typecast correctly in push subscription (#11343)

    * Fix `alerts` booleans not being typecast correctly in push subscription

    Fix #10789

    * Fix typo

commit 6a3876bdaaa7eab08a13f68825681d2d4165ce5a
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jul 19 23:13:21 2019 +0200

    Fix some flash notices/alerts staying on unrelated pages (#11364)

commit 5cd97c62a0b66739a4936691a7d216303040f773
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jul 2 11:34:39 2019 +0200

    Remove unused StatsD code and expose StatsD as a global variable (#11232)

    The instrumentation code was used for StatsD metrics collection
    prior to the switch to the nsa gem and should have been removed
    at that point as it no longer does anything at all

commit 769bbd511f1463431b6cfd274f672ea4aa14dd28
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Jul 2 01:01:17 2019 +0200

    Fix statsd UDP sockets not being cleaned up in Sidekiq (#11230)

commit 5d79df0273ecb678e8c5a4f97c03e2d6a59b121c
Author: ThibG <thib@sitedethib.com>
Date:   Sun Jun 30 16:11:21 2019 +0200

    Fix expiration date of filters being set to “Never” when editing them (#11204)

    When editing a custom filter, select the shortest preset duration that
    still covers the remaining time of that filter.

    Fixes #9506

commit 0367ddb62c37bf8987700a71cbc47acc6b756f81
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Jun 30 16:10:43 2019 +0200

    Fix support for MP4 files that are actually M4V files (#11210)

    Resolve #11187

commit 221110c5d7761427263ac2ada87a06a94bcc9d1f
Author: Georg Gadinger <nilsding@nilsding.org>
Date:   Sun Jul 7 18:13:19 2019 +0200

    Update fuubar dependency to 2.4.1 (#11248)

    See also: thekompanee/fuubar#111

commit 8904487324fd7dc4fc9818fb975926e9defef42d
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jul 26 18:55:33 2019 +0200

    Fix invites not being disabled upon account suspension (#11412)

    * Disable invite links from disabled/suspended users

    * Add has_many invites relationship to users

    * Destroy unused invites when suspending an account

commit 678292258449cbdb96f569ecb36fee4c423bd36c
Author: ThibG <thib@sitedethib.com>
Date:   Thu Jul 11 14:50:27 2019 +0200

    Fix BlockService trying to reject incorrect follow request (#11288)

    Fixes #11148

commit 806671755899777dba80cf68136fcec54de07366
Author: ThibG <thib@sitedethib.com>
Date:   Mon Jul 8 18:17:22 2019 +0200

    Fix Status.remote scope matching *all* statuses (#11265)

commit 5a06f68f0e6573f77d68444b2d3d8eda6c022a9b
Author: ThibG <thib@sitedethib.com>
Date:   Mon Jul 8 02:24:25 2019 +0200

    Fix BackupService crashing when an attachment is missing (#11241)

    * Fix BackupService crashing when an attachment is missing

    For various reasons such as admin error or out-of-sync media and
    database backups, it might be possible for local attachments to be lost.

    This commit allows the BackupService to continue its work even if some media
    file is missing.

    * Change error message

commit aef567cb9d086585de0cf197781e28bbeeb37665
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Jul 6 13:54:32 2019 +0200

    Fix option to send e-mail notification about account action always being true (#11242)

commit de747948a155ba38379f1ac9b051377e7fb5519a
Author: ThibG <thib@sitedethib.com>
Date:   Fri Jun 28 13:52:15 2019 +0200

    Fix swiping columns on mobile sometimes failing (#11200)

    Fixes #9779

commit c95ce1f3acbe5d328377cf333cbea0b258bf94c9
Author: ThibG <thib@sitedethib.com>
Date:   Thu Jun 27 19:41:55 2019 +0200

    Fix account URI in UpdatePollSerializer (#11194)

    * Fix account URI in UpdatePollSerializer

    Fixes #11185

    * Add specs

commit 405d6a71c8899254d2efcf0343683ea8ad154895
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Jun 30 10:55:00 2019 +0200

    Fix merge issues

commit f0a512c7cab0e9a4f15672f32e87fcf8d644328c
Merge: 1e5b17b88a 66ac1bd063
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Jun 25 19:44:59 2019 +0200

    Merge tag 'v2.9.2' into instance_only_statuses

commit 1e5b17b88a48230537715a432baf86e59d798974
Merge: 84c8b1e200 7d92c2c81d
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Jun 3 22:06:36 2019 +0200

    Merge tag 'v2.8.4' into instance_only_statuses

commit 7d92c2c81d564d2648a362c20bc7914cd377525f
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri May 24 15:35:32 2019 +0200

    Bump version to 2.8.4

commit aa80292170967662e74ea5196bd2773ce4f77c07
Author: ThibG <thib@sitedethib.com>
Date:   Fri May 24 15:21:42 2019 +0200

    Improve streaming server security (#10818)

    * Check OAuth token scopes in the streaming API

    * Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token

    Inspired by https://github.com/kubevirt/kubevirt/issues/1242

commit 130fbf839b656dfd544bc02aeff5cf52a9f4cd7c
Author: ThibG <thib@sitedethib.com>
Date:   Thu May 23 20:00:39 2019 +0200

    Fix possible race condition when processing statuses (#10815)

commit 39d1d022de00114d481b1ad522aa7441ad2c56eb
Author: ThibG <thib@sitedethib.com>
Date:   Thu May 23 15:22:39 2019 +0200

    Move signature verification stoplight to the requests themselves (#10813)

    * Move signature verification stoplight to the requests themselves

    This avoids blocking messages from known keys for 5 minutes when only one fails…

    * Put the stoplight on the actual client IP, not a potential reverse proxy

commit 9a881c70e215e7860ca7c3a653fc43692c793cdd
Author: ThibG <thib@sitedethib.com>
Date:   Thu May 23 15:00:30 2019 +0200

    Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (#10812)

    HTTP 401 responses returned by Mastodon's inbox controller may
    be temporary if, for instance, the requesting user's actor/key json
    could not be retrieved in a timely fashion. This changes allow retries
    instead of dropping the message entirely.

    Also added HTTP 408 as that error is by nature temporary.

commit 370ec7e7718868a1bd3d645a98b968471e50a349
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun May 19 16:46:49 2019 +0200

    Bump version to 2.8.3

commit 9222c26e19ec843d0b1b50b14901983270c9b8b5
Author: ThibG <thib@sitedethib.com>
Date:   Sun May 19 21:40:36 2019 +0200

    Fix “invited by” not showing up for invited accounts in admin interface (#10791)

commit 94439a1da7e585207dacf199c0eb4af2be1fdf7d
Author: Hinaloe <hina@hinaloe.net>
Date:   Mon May 20 01:41:41 2019 +0900

    fix `isSubmitting` prop case (#10785)

commit a6815a757886620315ff0906e175c9d5e5fbb3d8
Author: ThibG <thib@sitedethib.com>
Date:   Sun May 19 13:49:31 2019 +0200

    Add post-deployment migration script to delete public-boosts-of-private-toots (#10783)

commit d587a943a549d7ba5bb8433401390ac665bbdf17
Author: Ben Lubar <ben.lubar@gmail.com>
Date:   Sat May 18 13:57:45 2019 -0500

    add og:image:alt for media attachments in embeds (#10779)

commit 3c27687a6e1f283ff4f4300b2b07fbc10ba3bba7
Author: ThibG <thib@sitedethib.com>
Date:   Sat May 18 00:28:51 2019 +0200

    Prevent from publicly boosting one's own private toots (#10775)

commit ee17d81b8a4e02b5c72e39922f15634b4352c817
Author: ThibG <thib@sitedethib.com>
Date:   Wed May 15 06:54:06 2019 +0200

    Minor performance improvements and cleanup in formatter (#10765)

commit 9e95af3391837789a1039c4ea6181588817d3939
Author: Neil Moore <dar13.dev@gmail.com>
Date:   Wed May 15 00:53:23 2019 -0400

    Adds click-able div that expands status (#10733) (#10766)

    The clickable div is positioned under the account avatar and covers
    all empty space below it to the end of the status.

commit 91e25a20ce55a13d533e3f50cf2ad5b2a40a791c
Author: nzws <git@nzws.me>
Date:   Sun May 12 12:15:42 2019 +0900

    Fix some colors in light theme (#10754)

    * Fix typo in light theme

    * Fix background color of empty column

commit 47e0928c5b7bb87627b0fe768ff89ded787eaffe
Author: ThibG <thib@sitedethib.com>
Date:   Fri May 10 17:59:57 2019 +0200

    Change icon and label depending on whether media is marked as sensitive (#10748)

    * Change icon and label depending on whether media is marked as sensitive

    * WiP use a checkbox

commit c407a4edf8e38fa5cb38abd6bfa526376706e084
Author: Maciek Baron <thebezet@gmail.com>
Date:   Thu May 9 21:03:32 2019 +0100

    Improve poll link accessibility (#10720)

    * Add distinction between hover and active/focus states
    * Resolves #10198

commit 7a6464bea090d874266441b46dd8570797f6d3b5
Author: Jeong Arm <kjwonmail@gmail.com>
Date:   Thu May 9 01:01:33 2019 +0900

    Bring back crossed eye icon on gallery (#10715)

commit 9679ec4fcba08aa5db6e8365230bfccfee2baab3
Author: nzws <git-yuzu@svk.jp>
Date:   Wed May 8 06:53:58 2019 +0900

    Fix some colors of high contrast theme (#10711)

    * Fix "nothing here" text color of high contrast

    * Fix counter border color of high contrast

commit b40dfc124b1fc72a675edff20e79301e92aa789f
Author: ThibG <thib@sitedethib.com>
Date:   Mon May 6 05:33:56 2019 +0200

    Add description on hover in media gallery (#10713)

commit 84c8b1e200f2c2dfbfb33e4ebc9d92f16b08a7b2
Merge: a285462db6 2508370f44
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue May 7 21:42:11 2019 +0200

    Merge tag 'v2.8.2' into instance_only_statuses

commit a285462db606257d4b01fbb6223d87b4a7299ec5
Author: Thibaut Girka <thib@sitedethib.com>
Date:   Mon Apr 22 19:10:00 2019 +0200

    Do not leak local-only toots to remote mentioned users

commit 546581d2ba9a5f511430bdad7b6d8a0e99fee750
Merge: 153385e508 6afab2587d
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sat Apr 13 23:47:24 2019 +0200

    Merge tag 'v2.8.0' into instance_only_statuses

commit 153385e508585f45b6cc1a186315de03a16bac70
Merge: e8012c10be f3eb99aec3
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Feb 19 21:07:43 2019 +0100

    Merge tag 'v2.7.2' into instance_only_statuses

commit f3eb99aec3c2cd596c0b32fde9eff3be4579b22a
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Feb 17 19:56:23 2019 +0100

    Bump version to 2.7.2

commit e5f4af23eff7562901cea1f50f2a83213ff49a58
Author: ThibG <thib@sitedethib.com>
Date:   Sat Feb 16 14:53:27 2019 +0100

    Fix crash on public hashtag pages when streaming fails (#10061)

commit 33e8fa0d76c8d7499ab407b58ab1851b9899ebc1
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Feb 16 11:56:09 2019 +0100

    Fix mutes, blocks, domain blocks and follow requests not paginating (#10057)

    Regression from #9581

commit 98e38200ab7f238cfe53ea9f6a266b0e3180dec1
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Feb 16 05:27:05 2019 +0100

    Add vapid_key to the application entity in the REST API (#10058)

    Fix #8785

commit b6a5268e1b66303491efca3a5d1b310442c92e68
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Feb 16 05:23:47 2019 +0100

    Add registrations attribute to instance entity in REST API (#10060)

    Fix #9350

commit caf145029215f176cd470a4cf011c94e90b9dd8e
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 15 23:33:25 2019 +0100

    Change error graphic to hover-to-play (#10055)

    Fix #6060

commit 584f29e62a6000a6d54ae14aafbda7a4725610eb
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 15 19:43:09 2019 +0100

    Change buttons on timeline preview to open the interaction dialog (#10054)

    Fix #9922

commit 7b59de4f5c4055c1cc24b0ea5dbfa384a0a0ebf3
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 15 16:08:48 2019 +0100

    Change conversations to always show names of other participants (#10047)

    Fix #9190

commit 5aa147b67d7b9e4ef1dc322a1ab1e40bfc35efd2
Author: rinsuki <428rinsuki+git@gmail.com>
Date:   Fri Feb 15 01:03:01 2019 +0900

    Fix breaks when opening a reply tree in WebUI (#10046)

    fix #10045

commit 77a71236ade04edfce8dc5ee98a8d2ff7a064e15
Author: Nolan Lawson <nolan@nolanlawson.com>
Date:   Wed Feb 13 09:52:36 2019 -0800

    perf: run node directly when streaming (#10032)

commit 1ad0d232b3ed1c2005d64f1746ecd2d476379852
Author: Ben Lubar <ben.lubar+github@gmail.com>
Date:   Wed Feb 13 18:04:43 2019 -0600

    Improve image description user experience (#10036)

    * Add image descriptions to searchable post content.

    * Allow multi-line image descriptions.

    * Request image descriptions in the same query as posts when creating the search index.

    (see https://github.com/tootsuite/mastodon/pull/10036#discussion_r256551624)

commit 45b2bb464b5ff5b5b5805004a5dc856b495dfc54
Author: nightpool <nightpool@users.noreply.github.com>
Date:   Wed Feb 13 21:11:47 2019 -0500

    Change robots.txt to exclude only media proxy URLs (#10038)

    * Revert "Change robots.txt to exclude some URLs (#10037)"

    This reverts commit 80161f43510ad9316c60c9b50dd5c09c2dae4d54.

    * Let's block media_proxy

    /media_proxy/ is a dynamic route used for requesting uncached media, so it's
    probably bad to let crawlers use it

    * misleading comment

commit 637f0007b9535ed988cbe94c9b9b40a8f8e8a24f
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Feb 13 21:28:18 2019 +0100

    Change robots.txt to exclude some URLs (#10037)

    - Exclude static assets
    - Exclude uploaded files
    - Exclude alternate versions of the profile page
    - Exclude media proxy URLs

commit 8ad75eea62117f8635de8897c74297a5a8b3bd5c
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 15 16:08:59 2019 +0100

    Fix relay enabling/disabling not resetting inbox availability status (#10048)

    Fix #10033

commit b163368c3e3e3a22c4ef98c0d0cd6c07a2ad13e6
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Feb 17 15:16:36 2019 +0100

    Fix Announce activities of unknown statuses not fetching those statuses (#10065)

    Regression from #9998

commit 71b831601db2fdc41aaf4ddbe9fd60db109a3153
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Feb 17 03:38:25 2019 +0100

    Add logging for rejected ActivityPub payloads and add tests (#10062)

commit e84c7618192b1ba1538e3c0af79acdf604aea5fc
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 15 18:19:45 2019 +0100

    Filter incoming Announce activities by relation to local activity (#10041)

    * Filter incoming Announce activities by relation to local activity

    Reject if announcer is not followed by local accounts, and is not
    from an enabled relay, and the object is not a local status

    Follow-up to #10005

    * Fix tests

commit ef45411c537d37f06b23914135460544d348bfd6
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Feb 13 18:42:47 2019 +0100

    Filter incoming Create activities by relation to local activity (#10005)

    Reject those from accounts with no local followers, from relays
    that are not enabled, which do not address local accounts and are
    not replies to accounts that do have local followers

commit 6c11f0f8cf91aa4d0b83a0a9c5a92cfa99dcbfdd
Author: ThibG <thib@sitedethib.com>
Date:   Wed Feb 13 18:36:23 2019 +0100

    Alternative handling of private self-boosts (#9998)

    * When self-boosting, embed original toot into Announce serialization

    * Process unknown self-boosts from Announce object if it is more than an URI

    * Add some self-boost specs

    * Only serialize private toots in self-Announces

commit 737ac4b59df77e43bed71abc6de80bc89f893de1
Author: ysksn <bluewhale1982@gmail.com>
Date:   Sun Feb 3 03:11:38 2019 +0900

    Create Redisable#redis (#9633)

    * Create Redisable

    * Use #redis instead of Redis.current

commit 17a41e1f779874a270f531086f5576affcdb6cb1
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Feb 14 15:46:42 2019 +0100

    Fix hashtag column not subscribing to stream on mount (#10040)

    Fix #9895

commit 5a04861c7f2e98c80f315a19d7eadade044d8aae
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Feb 14 06:27:54 2019 +0100

    Add tight rate-limit for API deletions (#10042)

    Deletions take a lot of resources to execute and cause a lot of
    federation traffic, so it makes sense to decrease the number
    someone can queue up through the API.

    30 per 30 minutes

commit 2a1adab7d7824df9fa148a9431e942d6677c1d71
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Feb 13 18:36:40 2019 +0100

    Fix style regressions on landing page (#10030)

commit a46487e895fbba23922888820c6b88ad07ebe56b
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Feb 13 18:34:58 2019 +0100

    Fix hashtags select styling in default and high contrast themes (#10029)

commit f0f657e77c65923e6d77b5f62f7ee8544b4d9e00
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Wed Feb 13 05:30:49 2019 +0100

    Fix color of static page links in high contrast theme (#10028)

commit 1186b9abebc0b92acecebcd020d2f9c17de5d0b3
Author: ThibG <thib@sitedethib.com>
Date:   Tue Feb 12 22:24:14 2019 +0100

    Save IP address used for sign-up, not only sign-in (#10026)

    Fixes #9995

commit 27310a84a43623da8f08832e30e078ce936f6a1d
Author: Franck Zoccolo <franck@zoccolo.com>
Date:   Tue Feb 12 14:48:04 2019 +0100

    Add support for IPv6 only MXes in Email validation (#10009)

    * Add support for IPv6 only MXes

    * Fixed email validator tests

commit d66267508ac316ffc2756a6677fcbae5a44605c2
Author: ThibG <thib@sitedethib.com>
Date:   Tue Feb 12 05:10:43 2019 +0100

    Move sending account Delete to anyone but the account's followers to the pull̀ queue (#10016)

commit 41ecf80645d465d67dfee54d3cbb14a825ed8953
Author: Hinaloe <hina@hinaloe.net>
Date:   Tue Feb 12 13:10:31 2019 +0900

    Don't focus spiler input when disabled spoiler (#10017)

commit e1dbdf7377f20ace894ee92cf681542cc4b5eddb
Author: ThibG <thib@sitedethib.com>
Date:   Mon Feb 11 13:19:59 2019 +0100

    Fix timeline jumps (#10001)

    * Avoid two-step rendering of statuses as much as possible

    Cache width shared by Video player, MediaGallery and Cards at the
    ScrollableList level, pass it down through StatusList and Notifications.

    * Adjust scroll when new preview cards appear

    * Adjust scroll when statuses above the current scroll position are deleted

commit d9f0c7fb841bebfa942ddc5b7aae2857eb1381e3
Author: ThibG <thib@sitedethib.com>
Date:   Wed Feb 6 23:36:43 2019 +0100

    Fix IntersectionObserverArticle not hiding some out-of-view items (#9982)

    IntersectionObserverArticle is made to save on RAM by avoiding fully rendering
    items that are far out of view. However, it did not work for items spawned
    outside the intersection observer.

commit 6ea4cd5b86b0f96bfa9cfc904ee2c1adb48079a4
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sat Feb 9 20:13:11 2019 +0100

    Fix URL linkifier grabbing full-width spaces and quotations (#9997)

    Fix #9993
    Fix #5654

commit 2a7c091eae68b06ae4ad7c566878a04f9926ac92
Author: Hinaloe <hina@hinaloe.net>
Date:   Sat Feb 9 11:39:38 2019 +0900

     Only URLs extract with pre-escaped text (#9991)

    * [test] add japanese hashtag testcase

    * Only URLs extract with pre-escaped text

    ( https://github.com/tootsuite/mastodon/issues/9989 )

commit e2afe5fdfba352b35731acf028bad54f32223282
Author: abcang <abcang1015@gmail.com>
Date:   Wed Feb 6 10:50:52 2019 +0900

    Fix Tombstone.delete_all ArgumentError (#9978)

commit edde07f5ab235d6ceca95db66bb53161d372f830
Author: ThibG <thib@sitedethib.com>
Date:   Tue Feb 5 15:11:35 2019 +0100

    Hide misleading “You will be sent a confirmation e-mail” hint from admin view (#9973)

    Thanks @wryk for noticing this issue.

commit cd36ff43fd214b6b1447e88457b5a3f56461c1dd
Author: trwnh <a@trwnh.com>
Date:   Mon Feb 4 21:46:18 2019 -0600

    [UI] Fix whitespace being applied to div instead of p (#9968)

    * fix large line breaks

    * fix ascii art posts

commit 5e7c75cfd328af81a557985e1b5b2c70e6c68645
Author: rinsuki <428rinsuki+git@gmail.com>
Date:   Tue Feb 5 07:14:57 2019 +0900

    Fix not showing custom emojis in share page emoji picker (#9970)

commit a742a09530b6bdca78713e14dbab51bc3a56d222
Author: rinsuki <428rinsuki+git@gmail.com>
Date:   Tue Feb 5 06:25:42 2019 +0900

    Fix authorized applications list page design (#9969)

commit fdf819b83e820576164074b6726cb6ffdb4a47f6
Author: Jakub Mendyk <jakubmendyk.szkola@gmail.com>
Date:   Sat Feb 2 19:01:18 2019 +0100

    Allow most kinds of characters in URL query (fixes #8408) (#8447)

    * Allow unicode characters in URL query strings

    Fixes #8408

    * Alternative approach to unicode support in urls

    Adds PoC/idea to approch this problem.

commit 687a0cbcb036255d02aa1fab5132c51da2adc888
Author: Clar Charr <clar@charr.xyz>
Date:   Thu Jan 31 07:45:15 2019 -0500

    Replace unlock-alt icon with unlock (#9952)

commit e31970b924a7eaa1279708919b2743a15fb099f0
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Feb 1 00:15:38 2019 +0100

    Fix link color in high-contrast theme, add underlines (#9949)

    Improve sorting of default themes in the dropdown

commit 88a1d0cdb4df422594c3ffb335ad794df4e55ea7
Author: Sam Schlinkert <sschlinkert@gmail.com>
Date:   Mon Jan 28 16:57:42 2019 -0500

    Bumps copyright year in README.md to 2019 (#9939)

    This is so incredibly small, but assuming this is a needed change. Might want to check year in other files.

commit e8012c10be2d0b2f9323e309d0e2dae5b113fb60
Merge: 20ad8165a0 28866d329b
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Thu Jan 31 11:08:42 2019 +0100

    Merge tag 'v2.7.1' into instance_only_statuses

commit 20ad8165a0e2589e8a5a7a3b4a2312c62eb6b357
Merge: e8161a11fc 31e7940de5
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Jan 22 11:56:24 2019 +0100

    Merge tag 'v2.7.0' into instance_only_statuses

commit e8161a11fc7a9d9413fe4d9aa794ef734522ded0
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Wed Jan 9 11:12:49 2019 +0100

    Normalize translations

commit 4207973809bbf3b22f01a4ce811b8b18029d45df
Merge: 237952c10d bc3a6dd597
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Wed Jan 9 10:47:10 2019 +0100

    Merge tag 'v2.7.0rc1' into instance_only_statuses

commit 237952c10d0989ec7510a9ec190baf87cacc40c3
Author: Thibaut Girka <thib@sitedethib.com>
Date:   Tue Nov 13 17:30:15 2018 +0100

    Only stream local-only toots to logged-in users

commit f5f9fc366d554916996aa58f8dcbe10bcaf2fc81
Merge: b9f0f794db 887f9de6dc
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Fri Dec 7 15:27:23 2018 +0100

    Merge tag 'v2.6.5' into instance_only_statuses

commit 887f9de6dc12ef405f92b94eeaa775df74ebb1ef
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Sun Dec 2 16:52:40 2018 +0100

    Bump version to 2.6.5

commit e625425c8feb611e037c62855845b38ceb4b35c1
Author: ThibG <thib@sitedethib.com>
Date:   Wed Nov 21 17:02:58 2018 +0100

    Include replies to list owner and replies to list members in list statuses (#9324)

commit f13d08314e1d683fd40b3cb48c667aced222ce28
Author: ThibG <thib@sitedethib.com>
Date:   Sun Dec 2 16:46:13 2018 +0100

    Preload common JSON-LD contexts (#9412)

    Fixes #9411

commit 13979a84f93ab07dc002111f9a86eb358260dd00
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 30 19:54:24 2018 +0100

    Bump version to 2.6.4

commit 82570019ba01ec11b93f62921b3fc92f369ec53c
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 30 19:16:32 2018 +0100

    Remove npm-run-all dependency (#9401)

    Fix #9359

commit a1216e631537b1fbf07f2c8724ac05e757800be6
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 30 03:08:37 2018 +0100

    Bump version to 2.6.3

commit 34de90c486176992d8bc3d0f5f9f1156509d448c
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Nov 27 19:46:05 2018 +0100

    Fix TLS handshake timeout not being enforced (#9381)

    Follow-up to #9329

commit 442f335504129f99bc405539967df628d4701761
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Nov 27 19:15:08 2018 +0100

    Skip deliveries to inboxes that have already been marked as unavailable (#9358)

commit 58108b448159a8796500f2d3441cfe7b1ca99a67
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Nov 27 18:49:37 2018 +0100

    Don't count suspended users in user count (#9380)

    Fix #7637

commit cc0c1674f03cfbbe3ee28208429f216db1678731
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Tue Nov 27 18:13:36 2018 +0100

    Fix nil error when no DNS addresses are found for host (#9379)

commit 49f49cf367b6fb8413b1967870a709a5e31c9b71
Author: ThibG <thib@sitedethib.com>
Date:   Tue Nov 27 12:28:01 2018 +0100

    Allow hyphens in the middle of remote user names (#9345)

    Fixes #9309

    This only allows hyphens in the middle of a username, much like dots,
    although I don't have a compelling reason to do so other than keeping
    the changes minimal.

commit ec20a5d53aa5d234498d0140ce772cd9f027adfb
Author: Hugo Gameiro <hmgameiro@gmail.com>
Date:   Tue Nov 27 11:19:12 2018 +0000

    add loglevel to ffmpeg in gif upload (#9368)

commit 404dc97fb013b7f835df65dfc22d07f68e482e23
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 23 22:32:20 2018 +0100

    Bump version to 2.6.2

commit a2cda74ba3cf6690f257ae612f28e890b7df2237
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 22 20:12:04 2018 +0100

    Fix connect timeout not being enforced (#9329)

    * Fix connect timeout not being enforced

    The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.

    * Use timeout on each IP attempt, but limit to 2 attempts

    * Fix code style issue

    * Do not break Request#perform if no block given

    * Update method stub in spec for Request

    * Move timeout inside the begin/rescue block

    * Use Resolv::DNS with timeout of 1 to get IP addresses

    * Update Request spec to stub Resolv::DNS instead of Addrinfo

    * Fix Resolve::DNS stubs in Request spec

commit 12bdd7dc5f05e1b9eecf3b56dbcc24cf77bee884
Author: valerauko <vale@valerauko.net>
Date:   Thu Nov 22 20:49:07 2018 +0900

    Ignore JSON-LD profile in mime type comparison (#9179)

    Ignore JSON-LD profile in mime type comparison

commit 15dcb414bf2faaf21a686aa467015d244743c04e
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Nov 20 22:25:32 2018 +0100

    Touch account on successful response, change char shown when culled (#9293)

    Just the color is not enough change since not everyone uses colored
    terminals.
    Touching the account makes it so that the account is not in the
    threshold window in case of running again

commit 2c36d357848c7d7cb64da6fd3464306ea6729da7
Author: Alexandre Alapetite <alexandre@alapetite.fr>
Date:   Tue Nov 20 22:25:04 2018 +0100

    WebSub: ATOM before RSS (#9302)

    Hello,
    The ATOM feed contains the hub declaration for WebSub, but the RSS
    version does not.
    RSS/ATOM readers will typically pick whichever version comes first, and
    will thus not see the WebSub feature.
    I therefore suggest putting the ATOM version first, as it is more
    feature-rich than its RSS counterpart is.

    Clients not compatible with ATOM would not pick it anyway due to the
    different type attribute.

    A more complicated alternative would be to declare the WebSub feature in
    the RSS version as well, using something like the following code, and
    ensuring that clients subscribed to the RSS version would receive PuSH
    updates just like those subscribed to the ATOM version.

    ````xml
    <rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0"
    xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
    <atom:link rel="self" type="application/rss+xml"
    href="https://diaspodon.fr/users/test.rss"/>
    <atom:link rel="hub" href="https://diaspodon.fr/api/push"/>
    </channel>
    </rss>
    ```

commit c0736c466c33473b4db55bf59ed6edc0a0020b27
Author: Dan Hunsaker <danhunsaker@gmail.com>
Date:   Tue Nov 20 14:24:35 2018 -0700

    Update Nginx config for Nanobox apps (#9310)

    The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly.

commit fa02f878fc6fdbc1aae8d3f45e71b4aeb589e7ea
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Mon Nov 19 10:37:57 2018 +0100

    Fix filter ID not being a string in REST API (#9303)

commit ecc58c0f2358ea764c4a4ebd7f9daf4c9143ec7a
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 16 19:46:23 2018 +0100

    Prevent multiple handlers for Delete of Actor from running (#9292)

commit 6d4438a6ae351e2a8a73c7373c22d28f10838f65
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 16 15:02:18 2018 +0100

    Remove intermediary arrays when creating hash maps from results (#9291)

commit 01a8ab921e6e2b23cfea834c63b2cd196d15ff0b
Author: mayaeh <mayaeh@marimo-net.org>
Date:   Fri Nov 16 17:47:40 2018 +0900

    Fix "tootctl media remove" can't count the file size (#9288)

    * Fixed an issue where "tootctl media remove" can not count the file size.

    * Fixed the problem pointed out by codeclimate.

commit a3ef0761602481515207c0cf93cae0119dff4b25
Author: ThibG <thib@sitedethib.com>
Date:   Tue Nov 13 14:58:14 2018 +0100

    Fix race condition causing shallow status with only a "favourited" attribute (#9272)

    Fixes #9231

commit cd8575aef671dd44b4384b79b568f367add43537
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Mon Nov 12 22:07:31 2018 +0100

    Fix null error introduced in #9270 (#9275)

commit 4ce6ed20211b83d36746f61d4fb7dd001339baa1
Author: ThibG <thib@sitedethib.com>
Date:   Mon Nov 12 18:17:50 2018 +0100

    Perform deep comparison for card data when receiving new props (#9270)

    Fixes #9226

commit 886ef1cc384f758944407ac0255afe7d71afc513
Author: ThibG <thib@sitedethib.com>
Date:   Sat Nov 10 23:59:51 2018 +0100

    Fix emoji update date processing (#9255)

commit d06a724b1c097b4e8b7f1fa2591b0753c349a5ad
Author: ThibG <thib@sitedethib.com>
Date:   Sat Nov 10 20:42:04 2018 +0100

    Check that twitter:player is valid before using it (#9254)

    Fixes #9251

commit f73b7e77dacd94c1d0c7c4bc0c0227eb3159ad19
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Fri Nov 9 09:08:01 2018 +0100

    Improve ActiveRecord connection in on_worker_boot (#9238)

    This is how it looks in the example in the Puma README

commit 63f168c3bf26f8c336d966b3619307801cab7cab
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:55:59 2018 +0100

    Fix nil error regression from #9229 in tootctl media remove (#9239)

    Fix #9237

commit 0f436de035d848ce481a1d21a774031eef41f10d
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:08:57 2018 +0100

    Add "Show thread" link to self-replies (#9228)

    Fix #4716

commit 21fd335dd7722d512962e5f49812b3e9a0cd426f
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:06:26 2018 +0100

    Display amount of freed disk space in tootctl media remove (#9229)

    * Display amount of freed disk space in tootctl media remove

    Fix #9213

    * Fix code style issue

commit 4b2f2548061cbbe37a98951c01438e327c915c92
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:06:14 2018 +0100

    Fix form validation flash message color and input borders (#9235)

    * Fix form validation flash message color and input borders

    * Fix typo

commit b3c29ece478d2e34525b4edb9b4eaed4904b1cb5
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:06:01 2018 +0100

    Fix follow limit validator reporting lower number past threshold (#9230)

    * Fix follow limit validator reporting lower number past threshold

    * Avoid floating point follow limit

commit 330401bec0146be9762358c774efe9a58954d8c4
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 21:05:42 2018 +0100

    Optimize the process of following someone (#9220)

    * Eliminate extra accounts select query from FollowService

    * Optimistically update follow state in web UI and hide loading bar

    Fix #6205

    * Asynchronize NotifyService in FollowService

    And fix failing test

    * Skip Webfinger resolve routine when called from FollowService if possible

    If an account is ActivityPub, then webfinger re-resolving is not necessary
    when called from FollowService. Improve options of ResolveAccountService

commit 5ee4fd46063a2c36d92805ede4b8860065e56dc2
Author: Eugen Rochko <eugen@zeonfederated.com>
Date:   Thu Nov 8 07:42:17 2018 +0100

    Increase default column width from 330px to 350px (#9227)

commit 430499fbe12057b833897dada6407c55a0dab048
Author: m.b <mbajur@users.noreply.github.com>
Date:   Mon Nov 5 18:54:07 2018 +0100

    Update resolve_url_service.rb (#9188)

commit 449e6e451f6185c44ed3b2d60b56b46b55e52281
Author: Steven Tappert <admin@dark-it.net>
Date:   Mon Nov 5 18:51:43 2018 +0100

    Check for empty "last_status" before sorting DM column (#9207)

    * Check for empty "last_status" before sorting

    * Small touchups for codeclimate

commit b9f0f794db01515c5365ec96150752ba86f5b4f5
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Oct 23 08:42:13 2018 +0200

    Change setting wording

commit 3306fad8036a441ede18b112a7dea8d7751d3dc6
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Oct 23 08:38:13 2018 +0200

    Fix wrong configuration fetched

commit fde9668bae3649a92bed1d7cb2089b6eb0b611b1
Merge: d42a06fc74 f468bfb830
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Oct 23 08:32:55 2018 +0200

    Merge tag 'v2.6.0rc1' into instance_only_statuses

commit d42a06fc7404f64ada011554cfd7ea7574c769e9
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Oct 1 19:32:47 2018 +0200

    Add default federation option to settings

commit 9d6e005849123baeecc37124a351c1cf75517343
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Oct 1 19:14:36 2018 +0200

    Fix issue with toggle in mobile

commit 5497b5af611a8c5eed14461c3b6fbbd0ead224ec
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Tue Sep 4 18:27:34 2018 +0200

    Add local only icon to status page

commit 469294d2939669ec8acbfaa10a03993bdb178298
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Mon Sep 3 21:47:07 2018 +0200

    Hide local statuses from user atom and from unlogged users

commit 6bef1a8134333efabd9be677273f33e194bd327a
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Aug 26 12:42:32 2018 +0200

    Add local_only to admin screens

commit e1049a94aa4e1a8ed8ec02b25f5ce5bba4f4665f
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sun Aug 26 12:27:13 2018 +0200

    Normalize translations
    ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused

commit b4ae56e82fe8ca4a8e7b1dfd19f84c0af34b69ce
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Fri Aug 24 19:27:12 2018 +0200

    Add local_only indicator to detailed status

commit c963e1548d750dbb8ce0c46b1df268c43fcdec4d
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Fri Aug 24 18:56:11 2018 +0200

    Add local_only indicator in the status action bar

commit f37ca30ea166ee6a9c0e2fdec58ede0e10a7c6b5
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Sat Aug 25 13:27:58 2018 +0200

    Add backend support for local_only on status create
    Based off ThibG implementation on glitch #502

commit 4969ea4f2cb5e48b66797bded55c4256601396f1
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Thu Aug 23 20:35:29 2018 +0200

    Base frontend on privacy dropdown

commit ffaa814bbe202de7e9f594698f6b1297fd950255
Author: Renato "Lond" Cerqueira <renato@lond.com.br>
Date:   Thu Aug 23 19:30:09 2018 +0200

    Use backend from glitch-soc for instance-only toots
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working performance Runtime performance security Security issues and fixes, vulnerabilities
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants